Exam NSE7_ZTA-7.2 topic 1 question 1 discussion

B is correct as per https://docs.fortinet.com/document/fortigate/7.0.0/new-features/591056/ztna-session-based-form-authentication-7-0-4

B is correct. Since you have "user=" and "group=" it means there is authentication. So, an authentication scheme must be configured. Page 120. A is wrong. Remote_User is a "group", not a ZTNA tag. There are no ZTNA tags in the log "clientdevicetags=". Page 129 study guide. C is worng. 10.122.0.139 is the server's real IP. Page 129. You can see this IP in the column "Real server". D is wrong. It is not a "firewall" policy but a "proxy" policy. Page 117: ZTNA rule is a proxy policy.

Correct answer is B. There is no "clientdevicetags=" to see in the logs.

D is correct A Incorrect as there is no tag info in output C -Its destination server IP not extn IP

Based on the ZTNA logs provided, the true statement is: A) The Remote_user ZTNA tag has matched the ZTNA rule: The log includes a user tag 'ztna_user' and a policy name 'External_Access_FAZ', which suggests that the ZTNA tag for 'Remote_User' has successfully matched the ZTNA rule defined in the policy to allow access. The other options are not supported by the information in the log

I think it's A. There is no auth scheme, otherwise you would see the "authserver=" field in the log. The field "destip=" is the IP of the real server (backend server) It is a proxy policy, not a firewall policy.

I think its B

D is incorrect, the logs show a proxy policy not a firewall policy. Correct Answer C